PeopleTools Security - Roles and Permission Lists

Permission Lists are the building blocks of user security authorizations. A Permission List may contain any number of permissions, such as sign-in times, page permissions, web services permissions, and so on. Permission Lists are more flexible and scalable when they contain fewer permissions. A Role may contain numerous permissions, and a user profile may have numerous Roles assigned to it. A user inherits all permissions assigned to each Role that is assigned to the user's profile. User access is determined by the combination of all assigned Roles.

This diagram illustrates how Roles are collections of Permission Lists and that multiple Roles can be assigned to a user profile. Rights associated with assigned Permission Lists are cumulative.
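The cumulative model described above, written out as an added example for access reviews (it is not PeopleTools code and does not query a PeopleSoft database). All role, Permission List and permission names are hypothetical, constructed sample data. It shows which Role and Permission List grant each permission, which Roles must all be removed before a permission is really gone, and which reviewer-flagged combinations a user ends up holding.

```python
from collections import defaultdict

# Constructed sample data: every name below is hypothetical.
ROLE_PERMISSION_LISTS = {
    "AP_CLERK": ["PL_VOUCHER_ENTRY", "PL_AP_INQUIRY_WS"],
    "AP_MANAGER": ["PL_VOUCHER_ENTRY", "PL_VOUCHER_APPROVE"],
    "VENDOR_ADMIN": ["PL_VENDOR_MAINT"],
}
PERMISSION_LIST_GRANTS = {
    "PL_VOUCHER_ENTRY": {"page:VOUCHER_ENTRY"},
    "PL_VOUCHER_APPROVE": {"page:VOUCHER_APPROVAL"},
    "PL_VENDOR_MAINT": {"page:VENDOR_MAINT"},
    "PL_AP_INQUIRY_WS": {"webservice:AP_INQUIRY"},
}
USER_ROLES = {"JDOE": ["AP_CLERK", "AP_MANAGER", "VENDOR_ADMIN"]}


def effective_access(user_roles):
    """Union of all permissions reachable through the user's Roles.

    Returns {permission: sorted list of (role, permission_list) grant paths},
    so a reviewer can see why the user holds each permission.
    """
    granted = defaultdict(set)
    for role in user_roles:
        for plist in ROLE_PERMISSION_LISTS.get(role, []):
            for perm in PERMISSION_LIST_GRANTS.get(plist, ()):
                granted[perm].add((role, plist))
    return {perm: sorted(paths) for perm, paths in granted.items()}


def roles_to_remove(user_roles, permission):
    """Every Role that must be unassigned before `permission` is revoked.

    Because rights are cumulative, removing only one granting Role leaves
    the permission in place if another Role also grants it.
    """
    paths = effective_access(user_roles).get(permission, [])
    return sorted({role for role, _ in paths})


def flagged_combinations(user_roles, conflicting_pairs):
    """Pairs of permissions, flagged by the reviewer, that the user holds together."""
    access = effective_access(user_roles)
    return [p for p in conflicting_pairs if p[0] in access and p[1] in access]


if __name__ == "__main__":
    for perm, paths in sorted(effective_access(USER_ROLES["JDOE"]).items()):
        print(perm, "<-", paths)
```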

Roles can be assigned statically or dynamically.

Static: Using the static approach, you assign users to roles manually. The static approach is not scalable to the thousands of users that are likely to use your system when you deploy applications to the internet. The static approach requires an administrator to maintain each user's set of roles. For that reason, PeopleSoft recommends that you explore and implement the dynamic assignment of roles.

Dynamic: Using the dynamic approach, the system assigns roles based on business rules. You can manually run the rule, but typically, you run the rules from a scheduled batch process.

When a user profile is created, four Permission Lists are assigned that are not associated with a Role: Navigator Homepage, Process Profile, Primary, and Row Security. Customer Connection (login required) explains this well here.